Does Apache keep holding a key file open when mod_ssl is enabled?

Time:01-26

I was testing my httpd config on a CentOS-like OS and found a "weird" error, AH02574: Init: Can't open server private key file, in one of the VirtualHosts, while another one doesn't produce any error.

In my config file, the same SSL cert is referred to by both (two) virtual hosts, and of course the private key file is also shared. httpd fails to start with this config. When I dug into the log, I found that one virtual host (example.com) does not produce any error, while the other vhost (sub.example.com, on later lines in ssl.conf) can't read the key file. I suspect this is because the file was already opened by the program and hence stays on hold, preventing it from being opened again. If this is the case, how should I solve it? A simple solution that came to my mind was to duplicate the key file, but I have doubts about any security risk.

To give a better idea, below is a sample config:

<VirtualHost *:443>
  ServerName example.com
  # ... some other config
  SSLCertificateFile    "/path/to/ssl.crt"
  SSLCertificateKeyFile "/path/to/ssl.key"
</VirtualHost>
<VirtualHost *:443>
  ServerName sub.example.com
  # ... some other config
  SSLCertificateFile    "/path/to/ssl.crt"
  SSLCertificateKeyFile "/path/to/ssl.key"
</VirtualHost>

CodePudding user response:

As per the answer given by Jimmy, you can include sudo at the beginning of the command, as below. I also spent some 2 hours battling the same error, but this helped me.

sudo restorecon -RvF /etc/ssl/keyfile

After running the command, it should show as per the image attached. Then you can restart the Apache service.

[1]: https://i.stack.imgur.com/uipI4.png

CodePudding user response:

Although it was for a different problem, this answer also resolves my problem! Here is the solution provided by that answer:

restorecon -RvF /path/to/key_file
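
Added example, not part of the original question or answers: restorecon resets a file's SELinux label to the policy default, so before relabeling you can confirm that SELinux is what blocked httpd by pulling its AVC denials out of the audit log. The audit records and the user_home_t label below are constructed samples, and httpd_key_denials is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials where httpd was refused access to a file.
# On a real host, feed it the audit log instead (assumed default path):
#   httpd_key_denials < /var/log/audit/audit.log

# Constructed sample audit records (not taken from the original page).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1706270000.101:411): avc:  denied  { read } for  pid=2210 comm="httpd" name="ssl.key" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1706270000.300:412): avc:  denied  { getattr } for  pid=900 comm="sshd" path="/root/notes" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1706270000.101:411): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1706270005.020:420): avc:  denied  { open } for  pid=2210 comm="httpd" path="/path/to/ssl.key" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Reads audit records on stdin and prints one line per httpd file denial:
#   <denied permissions> <file name or path> <SELinux type of the file>
httpd_key_denials() {
  awk '
    /^type=AVC/ && /denied/ && /comm="httpd"/ && /tclass=file/ {
      perm = ""; file = "?"; ttype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Collect every permission listed between "{" and "}".
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = (perm == "" ? "" : perm ",") $j
        }
        if ($i ~ /^(name|path)=/) {
          file = $i; sub(/^[a-z]+=/, "", file); gsub(/"/, "", file)
        }
        # tcontext is user:role:type:level; the type is the third part.
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      }
      print perm, file, ttype
    }'
}

sample_audit_log | httpd_key_denials
```

A denial whose last column is a type httpd is not allowed to read points at the label rather than at a held-open file; ls -Z on the key file shows its current label, and the restorecon command from the answers resets it.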